Demiton Logo
Demiton

Connector Guide: Dynamics 365 Business Central

Configure the Universal Adapter for Business Central using Service-to-Service (S2S) authentication. Includes permission configuration and Web Service publishing for ABA generation.

The S2S Authorization Model

Demiton connects to Dynamics 365 Business Central (SaaS) using OAuth 2.0 Service-to-Service (S2S) authentication. This method uses an Azure App Registration rather than a licensed user account, ensuring connection stability during password rotations or staff turnover.

Phase 1: Azure App Registration

You must create a "digital identity" for Demiton in your Azure tenant.

Step 1: Register the App

  1. Log in to the Azure Portal (portal.azure.com).
  2. Navigate to Microsoft Entra ID > App registrations.
  3. Click + New registration.
  4. Name: Demiton Engine.
  5. Supported account types: Accounts in this organizational directory only (Single tenant).
  6. Click Register.

Step 2: Create the Secret

  1. In the left menu, select Certificates & secrets.
  2. Click + New client secret.
  3. Description: Demiton Access Key.
  4. Expires: 24 months (recommended).
  5. Copy the Value immediately. You will not be able to see it again.

Step 3: Add API Permissions

  1. Select API permissions > + Add a permission.
  2. Select Dynamics 365 Business Central.
  3. Choose Application permissions (NOT Delegated).
  4. Check:
    • API.ReadWrite.All
    • Automation.ReadWrite.All
  5. Click Add permissions.
  6. Critical: Click the "Grant admin consent for [Your Org]" button.

Phase 2: Business Central Internal Configuration

This is the most critical step. You must map the Azure App to internal Business Central permissions.

  1. Log in to Business Central.
  2. Search for "Microsoft Entra Applications" (formerly Azure Active Directory Applications).
  3. Click + New.
  4. Client ID: Paste the Application (Client) ID from Azure.
  5. Description: Demiton Engine.
  6. State: Set to Enabled.

The Permission Set Configuration (Critical)

Business Central blocks assigning the SUPER permission set to Service Apps. You must assign specific sets to allow data access.

  1. Scroll down to User Permission Sets.
  2. Add the following rows:
    • D365 AUTOMATION: Allows API and OData access.
    • D365 BUS PREMIUM (or D365 BASIC): Allows read/write access to financial tables.
  3. Important: Leave the Company column BLANK.
    • Why? If you select a specific company, Demiton cannot perform "Company Discovery" to list your available entities, and the connection will fail.

Troubleshooting: If the permission rows are greyed out, change the State field at the top to Disabled, add the rows, and then switch it back to Enabled.

  1. Finally, click Grant Consent in the top ribbon if prompted.

Phase 3: Enable Payment Services (Required for ABA/EFT)

To generate bank files (ABA) and read Payment Journals, you must expose the specific payment pages as OData Web Services. The standard API v2.0 does not expose the "Exported" status flag or Recipient Bank Account details required for secure payments.

  1. In Business Central, search for "Web Services".
  2. Click + New.
  3. Enter the following details in a new row:
    • Object Type: Page
    • Object ID: 256 (Payment Journal)
    • Service Name: PaymentJournal (Case sensitive, ensure no spaces)
    • Published: Checked
  4. Click out of the row to save.

Demiton can now safely read pending payments, verify recipient details, and update the "Exported to Payment File" status after processing.

Phase 4: Configure Demiton

  1. Log in to Demiton.
  2. Go to Connectors > Add Connector.
  3. Select Business Central.
  4. Tenant ID: Your Azure Directory ID.
  5. Client ID: Your App Application ID.
  6. Client Secret: The secret value from Phase 1.
  7. Environment: Typically Production or Sandbox.
    • Note: Do not enter the full URL. Demiton constructs the OData endpoints dynamically.

Click Test Connection. Demiton will scan for available companies (Legal Entities) and cache the API schema.